Start by downloading ddwrt for the TP-LINK\u00a0here<\/a>. \u00a0Get the factory-to-ddwrt.bin. \u00a0Please know that the published dd-wrt was incompatible with most new models of the 1043 and the WAN port wouldn’t function. \u00a0The version as of writing this is v24 pre SP2 build 21061 and I haven’t had any issues. \u00a0If you do find yourself having issues and you are daring you can try out a later image found here<\/a>.<\/p>\n Once downloaded follow dd-wrt’s 30-30-30 hard reset:<\/p>\n So you’ll be holding down reset for a full 90 seconds.<\/p>\n Then log into the the 1043. \u00a0The admin user and password are on the back of the device. \u00a0In the left navigation go to System Tools -> Firmware Upgrade. \u00a0Upload the .bin you downloaded and click upgrade.<\/p>\n TP-LINK default firmware upgrade.<\/p><\/div>\n DD-WRT SETUP<\/strong><\/p>\n Now log into the newly flashed TP-LINK. \u00a0The default IP is 192.168.1.1. \u00a0The first screen will let you set your admin user and password. \u00a0I recommend you do not use the one written on the device. \u00a0I won’t go into everything in this post, but I prefer to always turn off telnet and turn on ssh admin.<\/p>\n Turn off telnet and turn on SSH.<\/p><\/div>\n GENERATING KEYS AND CERTS<\/strong><\/p>\n To get openvpn up and running you’ll need to build a set of keys and certificates. \u00a0You can download easy-rsa to assist with this here<\/a>. \u00a0There are instructions and a detailed explanation of how to use easy-rsa here<\/a>. \u00a0A brief explanation is below.<\/p>\n You’ll now have a very well populated keys directory. \u00a0If you ever run clean-all again this will be deleted. \u00a0So back it up if you are going to start over.<\/p>\n Finally you’ll need a ta.key. \u00a0To do this ssh into the TP-LINK router. \u00a0Please note the user is\u00a0root<\/strong> when ssh-ing into the router. \u00a0The password is the one you set up as an admin password originally. \u00a0When logged in run Then cat the ta.key: You’ll need to save the ta.key somewhere off of the TP-LINK. \u00a0The storage there is volatile and will not survive a reboot.<\/p>\n CONFIGURE THE VPN SERVICE<\/strong><\/p>\n Now back to the TP-LINK GUI. \u00a0dd-wrt has made this process so simple now. \u00a0You may find instructions that involve going to Administration => Commands. \u00a0That is no longer needed and everything you need is available in the GUI.<\/p>\n Go to Services => VPN. \u00a0Enable the VPN server and set the UI to match this picture:<\/p>\n Upper settings for VPN server.<\/p><\/div>\n Now add the keys and certs to the spaces documented in the image. \u00a0Please only add the text inbetween the ——<Text>—–<Base64>——<Text>——<\/p>\n\n
![\"Upgrade](\"http:\/\/www.matthewmilcic.com\/blogs\/wp-content\/uploads\/2013\/05\/upgrade-624x463.png\")
<\/a>![\"Turn](\"http:\/\/www.matthewmilcic.com\/blogs\/wp-content\/uploads\/2013\/05\/ServicesOnDDWRT.png\")
<\/a>\n
. .\/vars<\/code><\/li>\n.\/clean-all<\/code><\/li>\n.\/build-ca<\/code><\/li>\n.\/build-dh<\/code> This will take a long time.<\/li>\n.\/build-key-server server<\/code><\/li>\n.\/build-key client1<\/code> This is the client name.<\/li>\n<\/ul>\nopenvpn --genkey --secret ta.key<\/code><\/p>\ncat ta.key<\/code><\/p>\n![\"Upper](\"http:\/\/www.matthewmilcic.com\/blogs\/wp-content\/uploads\/2013\/05\/openvpnServerUpperSettings.png\")
<\/a>
![\"OpenVPN](\"http:\/\/www.matthewmilcic.com\/blogs\/wp-content\/uploads\/2013\/05\/openvpnServerKeys.png\")
<\/a>